Live Breaking News & Updates on Sunburst Youth Academy
A timeline illustrating a Raindrop infection (Source: Symantec Threat Intelligence). Symantec Threat Intelligence says it has uncovered another malware variant used in the SolarWinds supply chain hack - a loader nicknamed Raindrop that apparently was used to deliver Cobalt Strike, a legitimate penetration testing tool, to a handful of targets. Raindrop is the fourth malware variant identified as being used during the attack that targeted SolarWinds' Orion network monitoring software. The others are Teardrop, Sunspot and Sunburst. Symantec says Raindrop is similar to the already documented second-stage loader Teardrop, although they have several key differences. While Teardrop was delivered by the initial Sunburst backdoor, Raindrop appears to have been used for spreading across the victim's network, the Symantec report states. ....
Investigators probing the supply chain attack that hit SolarWinds say attackers successfully hacked the company's Microsoft Visual Studio development tools to add a backdoor into software builds. The backdoor, dubbed Sunburst, was added to the company's Orion network monitoring software beginning in March 2020. Up to 18,000 customers installed and ran the Trojanized software. Attackers then used the backdoor to target a subset of customers, perhaps numbering in the hundreds, for second-stage attacks, which could have led to data exfiltration, eavesdropping - including email inbox access - and follow-on attacks against business partners. (Image caption: SolarWinds CEO Sudhakar Ramakrishna.) On Monday, Austin, Texas-based SolarWinds released an update on its attack investigation, reporting that investigators have successfully reverse-engineered code that attackers injected into its software development tools. ....
The SolarWinds Orion breach, which is believed to have affected 18,000 organizations, led to follow-on attacks on government agencies and others. Although the agencies did not name the hacking group responsible, The Washington Post and other news media outlets have reported that the threat actor is likely a Russian APT known as APT29 or Cozy Bear. Russia has denied playing any role in the attack. Dormancy Issue: Kaspersky researchers say they found three overlaps between Sunburst and Kazuar. That includes the sleeping algorithm that calculates the time between when the backdoors are planted within a network and when they connect to the attackers' command-and-control server. ....
Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon. New details on the Sunburst backdoor used in the sprawling SolarWinds supply-chain attack potentially link it to previously known activity by the Turla advanced persistent threat (APT) group. Researchers at Kaspersky have uncovered several code similarities between Sunburst and the Kazuar backdoor. Kazuar is malware written using the .NET framework that was first reported by Palo Alto in 2017 (though its development goes back to 2015). It has been spotted as part of cyberespionage attacks across the globe, according to Kaspersky. Researchers there said it has been consistently used together with known Turla tools during multiple breaches in the past three years. Turla (a.k.a. Snake, Venomous Bear, Waterbug or Uroboros) is a Russian-speaking threat actor known since 2014, but with roots that go back to 2004 and earlier, according to previous research from Kaspersky. ....
An act of cyberwar is usually not like a bomb; it's more like a cancer: it's slow to detect, difficult to eradicate, and it causes ongoing and significant damage over a long period of time. This is what we know about the Sunburst hack on the US, writes Paulo Shakarian. ....